Senior Threat Detection & Incident Response (DFIR) Engineer
Multiple locations | Hybrid | Full time | Senior | Dec 18, 2025
About this role
Build the Future with AspenView Technology Partners
At AspenView, we are passionate about transforming the way organizations approach technology. We specialize in creating high-performing, nearshore IT teams to help North American clients innovate faster and more efficiently. As we continue to grow, we’re looking for exceptional people to join our team and help drive impactful change across industries.
Why Join AspenView?
At AspenView, we’re more than a nearshore IT partner—we’re a people-first, purpose-driven company that believes great culture drives great outcomes. We’re passionate about connecting talent and technology to deliver measurable value for clients—and meaningful career paths for our people.
Here’s what you can expect:
Competitive base
Comprehensive benefits and wellness support
Flexible work model: hybrid, remote, or in-office
Real growth opportunities and leadership visibility
Inclusive, respectful culture that blends U.S. innovation with Colombian heart
A company that listens, invests in you, and celebrates wins together
The Senior Threat Detection & Incident Response (DFIR) Engineer is a high-impact technical expert responsible for identifying, investigating, and neutralizing sophisticated cyber threats. This role goes beyond standard monitoring; you will actively hunt for adversaries, develop advanced detection logic, and lead forensic investigations to understand the "how" and "why" behind an intrusion.
You will act as the technical authority during critical security events, ensuring that evidence is preserved, threats are contained, and lessons learned are translated into automated detection playbooks.
What you will do:
Detection Engineering & Threat Hunting
Lead proactive threat hunting missions across endpoints, networks, and cloud environments using the MITRE ATT&CK framework.
Develop and optimize SIEM content (Splunk, Sentinel, Chronicle, or QRadar) and Sigma rules to identify emerging adversary TTPs.
Design and implement custom detection logic to reduce false positives and improve the fidelity of security alerts.
Incident Response & Forensics
Lead the Incident Response lifecycle for high-severity events: from initial containment and eradication to evidence preservation.
Perform digital forensics and deep-dive investigations on compromised systems to determine the root cause and scope of breaches.
Execute malware analysis and reverse engineering to identify capabilities, C2 infrastructure, and indicators of compromise (IoCs).
Threat Intelligence & Automation
Collect, enrich, and disseminate Threat Intelligence to proactively block emerging threats.
Design and automate Incident Response playbooks to standardize response actions and reduce MTTR.
Collaborate with infrastructure and engineering teams to implement defensive hardening based on intelligence findings.
Tools & Technologies:
SIEM Tools: Advanced proficiency in Splunk (ES), Microsoft Sentinel, QRadar, or Google Chronicle.
Forensics: Experience with EnCase, FTK, Volatility, or Velociraptor.
Analysis: Tools like IDA Pro, Ghidra, Wireshark, and Burp Suite.
Frameworks: Deep mastery of MITRE ATT&CK, Sigma, and YARA rules.
Languages: Proficiency in Python or PowerShell for forensic automation and data analysis.
What you bring:
6–8+ years of experience in SOC Operations, Incident Response, or Threat Intelligence.
Investigative Mindset: Proven ability to follow complex attack chains and reconstruct security incidents.
Technical Depth: Hands-on experience with memory forensics, network traffic analysis, and host-based artifacts.
Automation Drive: A passion for transforming manual investigation steps into automated detection and response flows.
Certifications: GCIH, GCFA, GREM, or OSCP are highly valued.
Equal Opportunity Employer:
AspenView is proud to be an equal opportunity employer. We believe in creating an environment where all employees feel welcome, valued, and empowered to succeed. We celebrate diversity and strive to build a culture of inclusion where all individuals, regardless of their race, color, gender, gender identity or expression, sexual orientation, disability, age, or any other characteristic, can thrive. We encourage applicants from all walks of life to join our team and make a lasting impact.
Locations: Spain; Portugal; Poland; Serbia; Remote (Argentina); Remote (Colombia); Czechia; Romania